Once South Africa begins to experience faster and cheaper Internet during the course of this year, multi-layered security solutions will become essential for all businesses, writes Grant Brown, endpoint security specialist at Symantec.
History has shown that malicious activity on the internet increases dramatically when more bandwidth is provided and access is easier and cheaper. This phenomenon is common as there is a natural lag between offering new services and securing the infrastructure. Securing the device accessing the network, therefore, becomes the responsibility of the user or of the organisation issuing the device.
A computer network no longer consists of static, deskbound endpoints. Mobile devices and personal-use devices are gaining in popularity as users choose their own mode of access to company networks. Fixed and wireless access, too, complicate the already-complex task of managing a host of endpoint devices connecting to the network.
Controlling all these endpoints separately will be extremely frustrating, and success is not guaranteed.
To address this challenge, companies need to integrate endpoint security, network access control (NAC) and compliance into a single solution that’s easy to manage.
An endpoint can be defined as an information-accessing device attached to an organisational network. To ensure the enterprise remains secure, these individual 'points' need to be protected when connecting to and disconnecting from the network, thus securing the device and the network from malicious code and activity.
A Frost & Sullivan research paper published in 2008 entitled “World Endpoint Security Products Markets” discusses how the rapid growth of cybercrime drives the need for a comprehensive endpoint solution.
“The escalation of data security breaches is partly the result of the advent of mobile devices such as laptops and smartphones with email and Web surfing capabilities,” says the report.
A more recent Frost & Sullivan report published in February this year indicates that the wave of new threats and the growing sophistication of cybercrime techniques are significant factors in the growth of the market for endpoint security worldwide.
The growing sophistication of cybercrime can be illustrated by the recent case of the much-publicised Downadup series of worms. These worms presented corporates and consumers with an uneasy, but very necessary reality check. In fact, the worm's third variant managed to successfully bypass as many as 80% of traditional anti-virus solutions.
The malicious worm used various methods to propagate and spread, including through USB devices and other mobile media. Downadup 2 and 3 also had the ability to disable analytical tools and steal passwords.
Downadup also resembles a true virus in its composition: it consists of strings of pieces of code, with pieces having the ability to change, drop off or be added to the string. This type of sophisticated malware serves to lend more weight to the argument against point security products in favour of multi-layer security.
A multi-layered solution should include anti-virus, anti-spyware, firewall, intrusion prevention, device and application control and even some behaviour-based technology solutions.
Network access control (NAC) should play an integral part in securing the corporate network against mobile devices. In this way, organisations can implement policies that verify the legitimacy of both users and devices, and can control access to information and applications over the network.
Symantec’s latest Internet Security Threat Report (XIV), issued in April 2009, urges the enterprise to “consider implementing network compliance solutions that will help keep infected mobile users out of the network (and disinfect them before rejoining the network).”
It also recommends that “access to sensitive information should be restricted and organisations should also enforce compliance to information storage and transmission standards such as the PCI standard.”
The focus here should not merely be on authenticating (or banning) undefined devices connecting to the company's wireless infrastructure; foreign physical devices (such as USB drives) should also be controlled.
One of the biggest advantages of NAC is the ability to check “foreign” endpoint devices for security compliance, and then automatically apply the required security updates and allow the connection.
NAC also authenticates the user and restricts access to pre-defined areas of corporate information and applications in accordance with compliance policies.
A successful NAC system will ensure that only recognised devices are allowed onto the corporate network, and then only once they have been certified to contain the latest patches against known threats.
Of course, companies should look at having these security measures in place before the upcoming broadband boom if they want to be sufficiently safeguarded. With the above security measures in place, companies can focus exclusively on the benefits that an increase in broadband speeds will deliver to business.